Now that i can launch intances normally, it seems that the rules are not getting applied anywhere, i have full access to the docker containers. If i do iptable -t nat -L and iptables -L , no rules seems to be applied to any flow
On Fri, Oct 18, 2013 at 4:28 PM, Leandro Reox <leandro.r...@gmail.com>wrote: > Yes it is, but i found that is not reading the parameter from the > nova.conf , i forced on the code on /network/manager.py and took the > argument finally but stacks cause says that the neutron_url and if i fix it > it stacks on the next neutron parameter like timeout : > > File "/usr/local/lib/python2.7/dist-packages/oslo/config/cfg.py", line > 1648, in __getattr__ > 2013-10-18 15:21:04.397 30931 TRACE nova.api.openstack raise > NoSuchOptError(name) > 2013-10-18 15:21:04.397 30931 TRACE nova.api.openstack NoSuchOptError: no > such option: neutron_url > > and then > > File "/usr/local/lib/python2.7/dist-packages/oslo/config/cfg.py", line > 1648, in __getattr__ > 2013-10-18 15:25:20.811 31305 TRACE nova.api.openstack raise > NoSuchOptError(name) > 2013-10-18 15:25:20.811 31305 TRACE nova.api.openstack NoSuchOptError: no > such option: neutron_url_timeout > > Its really weird, like its not reading the nova.conf neutron parameter at > all ... > > If i hardcode all the settings on the neutronv2/init.py .. at least it > works, and bring all the secgroup details from netruon > > > > On Fri, Oct 18, 2013 at 3:48 PM, Aaron Rosen <aro...@nicira.com> wrote: > >> Hi Leandro, >> >> >> I don't believe the setting of: security_group_api=neutron in nova.conf >> actually doesn't matter at all on the compute nodes (still good to set it >> though). But it matters on the nova-api node. can you confirm that your >> nova-api node has: security_group_api=neutron in it's nova.conf? >> >> Thanks, >> >> Aaron >> >> >> On Fri, Oct 18, 2013 at 10:32 AM, Leandro Reox <leandro.r...@gmail.com>wrote: >> >>> Dear all, >>> >>> Im struggling with centralized sec groups on nova, were using OVS, it >>> seems like no matter what flag i change on nova conf, the node still >>> searchs the segroups on nova region local db >>> >>> We added : >>> >>> >>> [compute node] >>> >>> *nova.conf* >>> >>> firewall_driver=neutron.agent.firewall.NoopFirewallDriver >>> security_group_api=neutron >>> >>> >>> *ovs_neutron_plugin.ini* >>> >>> [securitygroup] >>> firewall_driver = >>> neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver >>> >>> >>> Restarted the agent, nova-compute services ... still the same, are we >>> missing something ? >>> >>> NOTE: we're using dockerIO as virt system >>> >>> Best >>> Leitan >>> >>> _______________________________________________ >>> OpenStack-dev mailing list >>> openstack-...@lists.openstack.org >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >>> >> >> _______________________________________________ >> OpenStack-dev mailing list >> openstack-...@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
